Subject: Re: Not really an advocacy :-(
To: None <netbsd-advocacy@netbsd.org, tech-security@netbsd.org>
From: Jan Schaumann <jschauma@netbsd.org>
List: netbsd-advocacy
Date: 06/21/2002 11:28:16
"Ing.,BcA. Ivan Dolezal" <ivan.dolezal@vsb.cz> wrote:
 
> June 19, 2002
> 
> - FBI's National Infrastructure Protection Center Advisory
> - Linux Weekly News report
> - Apache releases 1.3.26
> - Debian, Red Hat Linux release their packages (for free)
> - "Package apache-1.3.24 has a remote-root-shell vulnerability"
>    message from audit-packages

http://www.netbsd.org/Changes/#apache-pkg
 
> ...problem still not mentioned at netbsd.org/Security/

AFAIK, we stopped making Security *advisories* for packages.

> ...problem still not mentioned at
> ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/www/apache/README.html
> (last audit from Jun 6 05:00)

True.

> ...insecure 1.3.24 still available from the package collection

cvs update

-Jan

-- 
http://www.netbsd.org -
         Multiarchitecture OS, no hype required.